Follow

Q&A: What are Layer 7 DDoS Attacks and L7 DDoS Profiles?

Question

  • What are Layer 7 DDoS Attacks?
  • What are L7 DDoS Profiles?

Environment

  • Silverline WAF
  • Silverline DDoS
  • Proxy/Proxies
  • L7 DDoS Profile

Answer

What are Layer 7 DDoS Attacks?

Layer 7 (L7) DDoS attacks target the Application Layer of the OSI model and attempt to exploit features of the application with the intention of disabling and preventing access to those features.

L7 DDoS attacks are distinct from other types of DDoS attacks in the following ways:

  • Most L7 DDoS attacks involve legitimate requests, such as those from clients that are capable of storing session cookies. By contrast, layer 4 (L4) DDoS attacks typically generate bogus requests.
  • L7 DDoS attacks are more difficult to identify than other DDoS attacks because L7 attacks do not always depend on a high volume of traffic and the requests appear to be from legitimate clients.
  • L7 DDoS attacks may attempt to exploit vulnerabilities in the application software. By contrast, other types of DDoS attacks rely more on brute-force methods used to overwhelm the network.
  • The most common form of L7 DDoS attack that is typically observed is in the form of a credential stuffing or dictionary attack. The attacks are scripted out to attempt to gain access through a login page on a site by leveraging different potential passwords associated with a user's account.

What are Layer 7 DDoS Profiles?

Layer 7 DDoS profiles protect web application proxies from  Layer 7 DDoS attacks by analyzing the requests (usually HTTP requests) from clients attempting to connect.

The basic steps for utilizing L7 DDoS Profiles are:

1. Create and configure the profiles. -- See How to Configure New Layer 7 DDoS Profile.

2. Add the profiles to new or existing proxies. -- See Add L7 DDoS Profile to Proxy

 

Related Content

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request